From 07532b1d124ea1e059b66c7865a8f57d300b58f4 Mon Sep 17 00:00:00 2001 From: Dominique Roux Date: Sun, 14 Oct 2018 16:25:37 +0200 Subject: [PATCH 01/11] make it rerunable, => not trying to install nextcloud if it's already installed --- gencode-remote | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/gencode-remote b/gencode-remote index 249539d..632b184 100755 --- a/gencode-remote +++ b/gencode-remote @@ -45,21 +45,18 @@ admin_pass=$(cat "$__object/parameter/admin-pass") domain=$(cat "$__object/parameter/domain") # TODO check shasum of tar ball -# TODO: Make this Work!! -#if [ -d /var/www/nextcloud -a \$(cd /var/www/nextcloud; sudo -u www-data php occ status | grep -o true) ]; then -# INSTALL_STATE=true -#else -# INSTALL_STATE=false -#fi -#echo \${INSTALL_STATE} > /tmp/install-state -#if [ "\$INSTALL_STATE" != "true" ]; then cat </dev/null -a \$(cd /var/www/nextcloud 2>/dev/null; sudo -u www.data php occ status 2>/dev/null | grep -o true) ]; then + echo "Nextcloud already installed" >&2 + else + echo "installing nextcloud" >&2 + curl -s -L ${nextcloud_uri} -o /tmp/nextcloud.tar.bz2 + tar -C /var/www -xvjf /tmp/nextcloud.tar.bz2 + rm -f /tmp/nextcloud.tar.bz2 + chown -R www-data:www-data /var/www/nextcloud + cd /var/www/nextcloud + sudo -u www-data php occ maintenance:install --database "pgsql" --database-name "$db_name" --database-user "$db_user" --database-pass "$db_pass" --admin-user "$admin_user" --admin-pass "$admin_pass" + sudo -u www-data php occ config:system:set trusted_domains 2 --value="$domain" + fi eof #fi From d45b32b57b564b95b97b0d4ad90a2348429c1701 Mon Sep 17 00:00:00 2001 From: Dominique Roux Date: Thu, 28 Feb 2019 15:53:45 +0100 Subject: [PATCH 02/11] [BUGFIX] there was a typo, so the if for the do-not-rerun-if-already-installed check did not work correctly --- gencode-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gencode-remote b/gencode-remote index 632b184..3aedb32 100755 --- a/gencode-remote +++ b/gencode-remote @@ -46,7 +46,7 @@ domain=$(cat "$__object/parameter/domain") # TODO check shasum of tar ball cat </dev/null -a \$(cd /var/www/nextcloud 2>/dev/null; sudo -u www.data php occ status 2>/dev/null | grep -o true) ]; then + if [ -d /var/www/nextcloud 2>/dev/null -a \$(cd /var/www/nextcloud 2>/dev/null; sudo -u www-data php occ status 2>/dev/null | grep -o true) ]; then echo "Nextcloud already installed" >&2 else echo "installing nextcloud" >&2 From e8541ce8bd725464bc23d56c90385bc85f47b788 Mon Sep 17 00:00:00 2001 From: Dominique Roux Date: Tue, 19 Nov 2019 15:45:02 +0100 Subject: [PATCH 03/11] Fixed nginx config for security issue nextcry --- files/nextcloud.nginx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/files/nextcloud.nginx b/files/nextcloud.nginx index baf2fcc..6c69b14 100644 --- a/files/nextcloud.nginx +++ b/files/nextcloud.nginx @@ -56,7 +56,7 @@ server { #pagespeed off; location / { - rewrite ^ /index.php$uri; + rewrite ^ /index.php; } location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { @@ -68,6 +68,7 @@ server { location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { fastcgi_split_path_info ^(.+\.php)(/.*)$; + try_files $fastcgi_script_name =404; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; From 855fd2d62d362532853e7dd834a880b6f3154597 Mon Sep 17 00:00:00 2001 From: Dominique Roux Date: Tue, 19 Nov 2019 17:27:37 +0100 Subject: [PATCH 04/11] - Added support for beowulf - Changed package dependencies to php7.3 --- files/nextcloud.nginx | 5 +++-- manifest | 36 +++++++++++++++++++++++++----------- 2 files changed, 28 insertions(+), 13 deletions(-) diff --git a/files/nextcloud.nginx b/files/nextcloud.nginx index 6c69b14..f1c6fe3 100644 --- a/files/nextcloud.nginx +++ b/files/nextcloud.nginx @@ -1,5 +1,5 @@ upstream php-handler { - server unix:/run/php/php7.0-fpm.sock; + server unix:/run/php/phpVERSION-fpm.sock; } server { @@ -16,7 +16,8 @@ server { add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; - add_header X-Frame-Options "SAMEORIGIN"; + #add_header X-Frame-Options "SAMEORIGIN"; + add_header Referrer-Policy no-referrer; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; diff --git a/manifest b/manifest index ca0f6d3..bcecab9 100755 --- a/manifest +++ b/manifest @@ -29,9 +29,19 @@ os_version=$(cat "$__global/explorer/os_version") case "$os_version" in 8*|jessie) distribution="jessie" + packages="php7.0-common php7.0-gd php7.0-json php7.0-pgsql php7.0-curl php7.0-intl php7.0-mcrypt php7.0-imagick php7.0-zip php7.0-apcu php7.0-mbstring php7.0-xml php7.0-fpm" + phpv="7.0" ;; 9*|ascii|ascii/ceres) distribution="stretch" + packages="php7.0-common php7.0-gd php7.0-json php7.0-pgsql php7.0-curl php7.0-intl php7.0-mcrypt php7.0-imagick php7.0-zip php7.0-apcu php7.0-mbstring php7.0-xml php7.0-fpm" + phpv="7.0" + ;; + 10*|beowulf|beowulf/ceres) + #packages="php7.3-common php7.3-gd php7.3-json php7.3-pgsql php7.3-curl php7.3-intl php7.3-mcrypt php-imagick php7.3-zip php-apcu php7.3-mbstring php7.3-xml php7.3-fpm" + distribution="buster" + packages="php7.3-fpm php7.3-intl php7.3-ldap php7.3-imap php7.3-gd php7.3-pgsql php7.3-curl php7.3-xml php7.3-zip php7.3-mbstring php7.3-soap php7.3-smbclient php7.3-json php7.3-gmp php7.3-bz2 php-pear" + phpv="7.3" ;; *) echo "Unsupported version $os_version of $os." >&2 @@ -39,6 +49,7 @@ case "$os_version" in ;; esac + db_pass=$(cat "$__object/parameter/db-pass") db_user=$(cat "$__object/parameter/db-user") db_name=$(cat "$__object/parameter/db-name") @@ -47,17 +58,19 @@ domain=$(cat "$__object/parameter/domain") tmpdir="$__object/files" mkdir "$tmpdir" -__apt_key_uri dotdeb --uri https://www.dotdeb.org/dotdeb.gpg -require="__apt_key_uri/dotdeb" __apt_source dotdeb --uri http://packages.dotdeb.org \ - --distribution ${distribution} \ - --component all - -require="__apt_source/dotdeb" __apt_update_index +case "$os_version" in + 8*|jessie|9*|ascii|ascii/ceres) + __apt_key_uri dotdeb --uri https://www.dotdeb.org/dotdeb.gpg + require="__apt_key_uri/dotdeb" __apt_source dotdeb --uri http://packages.dotdeb.org \ + --distribution ${distribution} \ + --component all + require="__apt_source/dotdeb" __apt_update_index + ;; +esac +__apt_update_index # Install packages -for package in php7.0-common php7.0-gd php7.0-json php7.0-pgsql php7.0-curl \ - php7.0-intl php7.0-mcrypt php7.0-imagick \ - php7.0-zip php7.0-apcu php7.0-mbstring php7.0-xml php7.0-fpm; +for package in ${packages} do require="__apt_update_index" __package $package --state=present done @@ -66,7 +79,7 @@ __package curl --state=present # Configure packages ## PHP 7 -require="__package/php7.0-fpm" __file /etc/php/7.0/fpm/pool.d/www.conf \ +require="__package/php${phpv}-fpm" __file /etc/php/${phpv}/fpm/pool.d/www.conf \ --owner root --group root --mode 644 --source "$__type/files/fpm.conf" @@ -85,6 +98,7 @@ require="__ungleich_http_server_ssl_redirect_letsencrypt/$domain" \ ### The SSL configuration sed "s/DOMAIN/$domain/" "$__type/files/nextcloud.nginx" > "$tmpdir/nginx" +sed "s/VERSION/$phpv/" "$__type/files/nextcloud.nginx" > "$tmpdir/nginx" require="__letsencrypt_cert/$domain __package/nginx" __file /etc/nginx/sites-enabled/nextcloud \ --owner www-data \ --group www-data \ @@ -103,4 +117,4 @@ require="__package/postgresql __postgres_role/${db_user}" __postgres_database "$ # Start on boot require="__package/postgresql" __start_on_boot postgresql require="__package/nginx" __start_on_boot nginx -require="__package/php7.0-fpm" __start_on_boot php7.0-fpm +require="__package/php${phpv}-fpm" __start_on_boot php${phpv}-fpm From 4a07815600cee50d662f46b8dcd05e1e0a088da0 Mon Sep 17 00:00:00 2001 From: Dominique Roux Date: Tue, 19 Nov 2019 17:30:08 +0100 Subject: [PATCH 05/11] fixed small typo and small bug --- gencode-remote | 1 - manifest | 1 - 2 files changed, 2 deletions(-) diff --git a/gencode-remote b/gencode-remote index 51d7bc1..31aeb24 100755 --- a/gencode-remote +++ b/gencode-remote @@ -21,7 +21,6 @@ case "$os" in restart="systemctl restart nginx" ;; *) - restart="systemctl restart nginx" echo "Unsupported version $os_version of $os." >&2 exit 1 ;; diff --git a/manifest b/manifest index bcecab9..687127b 100755 --- a/manifest +++ b/manifest @@ -49,7 +49,6 @@ case "$os_version" in ;; esac - db_pass=$(cat "$__object/parameter/db-pass") db_user=$(cat "$__object/parameter/db-user") db_name=$(cat "$__object/parameter/db-name") From ded68cbd86897d34d312a7c87e50f703d999022d Mon Sep 17 00:00:00 2001 From: Dominique Roux Date: Tue, 19 Nov 2019 18:02:47 +0100 Subject: [PATCH 06/11] Updated default version to 17.0.1 --- parameter/default/version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/parameter/default/version b/parameter/default/version index 6fe535b..3e17df0 100644 --- a/parameter/default/version +++ b/parameter/default/version @@ -1 +1 @@ -13.0.6 +17.0.1 From 031e73124a23bc4a5fc6d0dab049c9b315325db8 Mon Sep 17 00:00:00 2001 From: Dominique Roux Date: Tue, 19 Nov 2019 18:04:26 +0100 Subject: [PATCH 07/11] bugfixes for the php/fpm configuration --- files/fpm.conf | 2 +- manifest | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/files/fpm.conf b/files/fpm.conf index 776f2c6..322fba7 100644 --- a/files/fpm.conf +++ b/files/fpm.conf @@ -3,7 +3,7 @@ user = www-data group = www-data -listen = /run/php/php7.0-fpm.sock +listen = /run/php/phpVERSION-fpm.sock listen.owner = www-data listen.group = www-data diff --git a/manifest b/manifest index 687127b..98a057c 100755 --- a/manifest +++ b/manifest @@ -73,13 +73,14 @@ for package in ${packages} do require="__apt_update_index" __package $package --state=present done -__package postgresql --state=present -__package curl --state=present +require="__apt_update_index" __package postgresql --state=present +require="__apt_update_index" __package curl --state=present # Configure packages ## PHP 7 +sed "s/VERSION/$phpv/" "$__type/files/fpm.conf" > "$tmpdir/fpm" require="__package/php${phpv}-fpm" __file /etc/php/${phpv}/fpm/pool.d/www.conf \ - --owner root --group root --mode 644 --source "$__type/files/fpm.conf" + --owner root --group root --mode 644 --source "$tmpdir/fpm" @@ -97,7 +98,7 @@ require="__ungleich_http_server_ssl_redirect_letsencrypt/$domain" \ ### The SSL configuration sed "s/DOMAIN/$domain/" "$__type/files/nextcloud.nginx" > "$tmpdir/nginx" -sed "s/VERSION/$phpv/" "$__type/files/nextcloud.nginx" > "$tmpdir/nginx" +sed -i "s/VERSION/$phpv/" "$tmpdir/nginx" require="__letsencrypt_cert/$domain __package/nginx" __file /etc/nginx/sites-enabled/nextcloud \ --owner www-data \ --group www-data \ From 711817f2a664507a79e27e17eb8b079acb029b5e Mon Sep 17 00:00:00 2001 From: Dominique Roux Date: Tue, 26 Nov 2019 09:15:11 +0100 Subject: [PATCH 08/11] [BUGFIX]: fixed curl package requirement --- manifest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest b/manifest index 98a057c..62cd1ce 100755 --- a/manifest +++ b/manifest @@ -74,7 +74,7 @@ for package in ${packages} done require="__apt_update_index" __package postgresql --state=present -require="__apt_update_index" __package curl --state=present +#require="__apt_update_index" __package curl --state=present # Configure packages ## PHP 7 From 9f2fb22ae90cd20a024c45be49545c810ff2cdcb Mon Sep 17 00:00:00 2001 From: Dominique Roux Date: Wed, 26 Feb 2020 11:36:26 +0100 Subject: [PATCH 09/11] Enabled support for debian 10 --- gencode-remote | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gencode-remote b/gencode-remote index 31aeb24..99f3736 100755 --- a/gencode-remote +++ b/gencode-remote @@ -9,15 +9,15 @@ case "$os" in ;; debian) case "$os_version" in - [1-7]*) + [2-7]*) restart="/etc/init.d/nginx restart" echo "Unsupported version $os_version of $os." >&2 exit 1 ;; - 8*) + [8-9]*) restart="systemctl restart nginx" ;; - 9*) + 10*) restart="systemctl restart nginx" ;; *) From 104a03fd12b046405d3d03c567c84362605396d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Sat, 16 May 2020 19:59:55 +0200 Subject: [PATCH 10/11] Ad dmissing php-imagick dependency to buster --- manifest | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/manifest b/manifest index 62cd1ce..8a305cb 100755 --- a/manifest +++ b/manifest @@ -40,7 +40,7 @@ case "$os_version" in 10*|beowulf|beowulf/ceres) #packages="php7.3-common php7.3-gd php7.3-json php7.3-pgsql php7.3-curl php7.3-intl php7.3-mcrypt php-imagick php7.3-zip php-apcu php7.3-mbstring php7.3-xml php7.3-fpm" distribution="buster" - packages="php7.3-fpm php7.3-intl php7.3-ldap php7.3-imap php7.3-gd php7.3-pgsql php7.3-curl php7.3-xml php7.3-zip php7.3-mbstring php7.3-soap php7.3-smbclient php7.3-json php7.3-gmp php7.3-bz2 php-pear" + packages="php7.3-fpm php7.3-intl php7.3-ldap php7.3-imap php7.3-gd php7.3-pgsql php7.3-curl php7.3-xml php7.3-zip php7.3-mbstring php7.3-soap php7.3-smbclient php7.3-json php7.3-gmp php7.3-bz2 php-pear php-imagick" phpv="7.3" ;; *) @@ -50,6 +50,7 @@ case "$os_version" in esac db_pass=$(cat "$__object/parameter/db-pass") +nameserver fd00::2e3a:fdff:fef6:130e db_user=$(cat "$__object/parameter/db-user") db_name=$(cat "$__object/parameter/db-name") domain=$(cat "$__object/parameter/domain") From 4abb5ed917dcdd13dbf1814eb2ec56aca26249a0 Mon Sep 17 00:00:00 2001 From: Jin-Guk Kwon Date: Mon, 10 Aug 2020 15:21:41 +0200 Subject: [PATCH 11/11] Updated default version to 19.0.1 --- parameter/default/version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/parameter/default/version b/parameter/default/version index 3e17df0..b2c7e01 100644 --- a/parameter/default/version +++ b/parameter/default/version @@ -1 +1 @@ -17.0.1 +19.0.1 \ No newline at end of file